#include "asterisk.h"
#include <openssl/evp.h>
#include "asterisk/module.h"
#include "asterisk/sorcery.h"
#include "asterisk/time.h"
#include "asterisk/json.h"
#include "asterisk/astdb.h"
#include "asterisk/paths.h"
#include "asterisk/conversions.h"
#include "asterisk/pbx.h"
#include "asterisk/global_datastores.h"
#include "asterisk/app.h"
#include "asterisk/test.h"
#include "asterisk/res_stir_shaken.h"
#include "res_stir_shaken/stir_shaken.h"
#include "res_stir_shaken/general.h"
#include "res_stir_shaken/store.h"
#include "res_stir_shaken/certificate.h"
#include "res_stir_shaken/curl.h"

Include dependency graph for res_stir_shaken.c:

Data Structures
struct	ast_stir_shaken_payload

struct	stir_shaken_datastore

Macros
#define	AST_DB_FAMILY "STIR_SHAKEN"

#define	EXPIRATION_BUFFER 15

#define	MAX_PATH_LEN 256

#define	STIR_SHAKEN_DIR_NAME "stir_shaken"

Functions
static void	__reg_module (void)

static void	__unreg_module (void)

static void	add_public_key_to_astdb (const char public_cert_url, const char filepath)
	Add the public key details and file path to AstDB. More...

struct ast_module *	AST_MODULE_SELF_SYM (void)

int	ast_stir_shaken_add_verification (struct ast_channel chan, const char identity, const char *attestation, enum ast_stir_shaken_verification_result result)
	Add a STIR/SHAKEN verification result to a channel. More...

unsigned int	ast_stir_shaken_get_signature_timeout (void)
	Retrieve the value for 'signature_timeout' from 'general' config object. More...

void	ast_stir_shaken_payload_free (struct ast_stir_shaken_payload *payload)
	Free a STIR/SHAKEN payload. More...

char *	ast_stir_shaken_payload_get_public_cert_url (const struct ast_stir_shaken_payload *payload)
	Retrieve the value for 'public_cert_url' from an ast_stir_shaken_payload. More...

unsigned char *	ast_stir_shaken_payload_get_signature (const struct ast_stir_shaken_payload *payload)
	Retrieve the value for 'signature' from an ast_stir_shaken_payload. More...

struct ast_stir_shaken_payload *	ast_stir_shaken_sign (struct ast_json *json)
	Sign a JSON STIR/SHAKEN payload. More...

struct ast_sorcery *	ast_stir_shaken_sorcery (void)
	Retrieve the stir/shaken sorcery context. More...

struct ast_stir_shaken_payload *	ast_stir_shaken_verify (const char header, const char payload, const char signature, const char algorithm, const char *public_cert_url)
	Verify a JSON STIR/SHAKEN payload. More...

	AST_TEST_DEFINE (test_stir_shaken_sign)

	AST_TEST_DEFINE (test_stir_shaken_verify)

static char *	curl_and_check_expiration (const char public_cert_url, const char path, int *curl)
	Downloads the public cert from public_cert_url. If curl is non-zero, that signals CURL has already been run, and we should bail here. The entry is added to AstDB as well. More...

static char *	get_path_to_public_key (const char *public_cert_url)
	Returns the path to the downloaded file for the provided URL. More...

static int	load_module (void)

static int	public_key_is_expired (const char *public_cert_url)
	Check to see if the public key is expired. More...

static int	reload_module (void)

static void	remove_public_key_from_astdb (const char *public_cert_url)
	Remove the public key details and associated information from AstDB. More...

static char *	run_curl (const char public_cert_url, const char path)
	CURL the file located at public_cert_url to the specified path. More...

static void	set_public_key_expiration (const char public_cert_url, const struct curl_cb_data data)
	Sets the expiration for the public key based on the provided fields. If Cache-Control is present, use it. Otherwise, use Expires. More...

static int	stir_shaken_add_attest (struct ast_json json, const char attest)
	Adds the 'attest' field to the JWT. More...

static int	stir_shaken_add_iat (struct ast_json *json)
	Adds the 'iat' field to the JWT. More...

static int	stir_shaken_add_origid (struct ast_json *json)
	Adds the 'origid' field to the JWT. More...

static int	stir_shaken_add_x5u (struct ast_json json, const char x5u)
	Adds the 'x5u' (public key URL) field to the JWT. More...

static void	stir_shaken_datastore_destroy_cb (void *data)
	The callback to destroy a stir_shaken_datastore. More...

static void	stir_shaken_datastore_free (struct stir_shaken_datastore *datastore)
	Frees a stir_shaken_datastore structure. More...

static int	stir_shaken_read (struct ast_channel chan, const char function, char data, char buf, size_t len)
	Retrieves STIR/SHAKEN verification information for the channel via dialplan. Examples: More...

static unsigned char *	stir_shaken_sign (char json_str, EVP_PKEY private_key)
	Signs the payload and returns the signature. More...

static const char *	stir_shaken_verification_result_to_string (enum ast_stir_shaken_verification_result result)
	Convert an ast_stir_shaken_verification_result to string representation. More...

static struct ast_stir_shaken_payload *	stir_shaken_verify_json (struct ast_json *json)
	Verifies the necessary contents are in the JSON and returns a ast_stir_shaken_payload with the extracted values. More...

static int	stir_shaken_verify_signature (const char msg, const char signature, EVP_PKEY *public_key)
	Verifies the signature using a public key. More...

static void	test_stir_shaken_add_fake_astdb_entry (const char public_cert_url, const char file_path)

static int	test_stir_shaken_write_temp_key (char *file_path, int private)
	Create a private or public key certificate. More...

static int	unload_module (void)

Variables
static struct ast_module_info	__mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS \| AST_MODFLAG_LOAD_ORDER , .description = "STIR/SHAKEN Module for Asterisk" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CHANNEL_DEPEND - 1, .requires = "res_curl", }

static const struct ast_module_info *	ast_module_info = &__mod_info

static const struct ast_datastore_info	stir_shaken_datastore_info

static struct ast_custom_function	stir_shaken_function

static struct ast_sorcery *	stir_shaken_sorcery

Macro Definition Documentation

◆ AST_DB_FAMILY

#define AST_DB_FAMILY "STIR_SHAKEN"

Definition at line 147 of file res_stir_shaken.c.

Referenced by add_public_key_to_astdb(), and remove_public_key_from_astdb().

◆ EXPIRATION_BUFFER

#define EXPIRATION_BUFFER 15

Definition at line 158 of file res_stir_shaken.c.

Referenced by set_public_key_expiration().

◆ MAX_PATH_LEN

#define MAX_PATH_LEN 256

Definition at line 153 of file res_stir_shaken.c.

Referenced by get_path_to_public_key(), and remove_public_key_from_astdb().

◆ STIR_SHAKEN_DIR_NAME

#define STIR_SHAKEN_DIR_NAME "stir_shaken"

Definition at line 150 of file res_stir_shaken.c.

Referenced by ast_stir_shaken_verify().

Function Documentation

◆ __reg_module()

static void __reg_module ( void )

static

Definition at line 1677 of file res_stir_shaken.c.

◆ __unreg_module()

static void __unreg_module ( void )

static

Definition at line 1677 of file res_stir_shaken.c.

◆ add_public_key_to_astdb()

static void add_public_key_to_astdb	(	const char *	public_cert_url,
		const char *	filepath
	)

static

Add the public key details and file path to AstDB.

Parameters

public_cert_url	The public cert URL
filepath	The path to the file

Definition at line 456 of file res_stir_shaken.c.

References AST_DB_FAMILY, ast_db_put(), and ast_sha1_hash().

Referenced by ast_stir_shaken_verify(), curl_and_check_expiration(), and test_stir_shaken_add_fake_astdb_entry().

 {
    char hash[41];
 
    ast_sha1_hash(hash, public_cert_url);
 
    ast_db_put(AST_DB_FAMILY, public_cert_url, hash);
    ast_db_put(hash, "path", filepath);
 }

◆ AST_MODULE_SELF_SYM()

struct ast_module* AST_MODULE_SELF_SYM ( void )

Definition at line 1677 of file res_stir_shaken.c.

◆ ast_stir_shaken_add_verification()

int ast_stir_shaken_add_verification	(	struct ast_channel *	chan,
		const char *	identity,
		const char *	attestation,
		enum ast_stir_shaken_verification_result	result
	)

Add a STIR/SHAKEN verification result to a channel.

Parameters

chan	The channel
identity	The identity
attestation	The attestation
result	The verification result

Return values

-1	on failure
0	on success

Definition at line 277 of file res_stir_shaken.c.

References ast_calloc, ast_channel_datastore_add(), ast_channel_lock, ast_channel_name(), ast_channel_unlock, ast_datastore_alloc, ast_log, ast_strdup, stir_shaken_datastore::attestation, ast_datastore::data, stir_shaken_datastore::identity, LOG_ERROR, NULL, result, stir_shaken_datastore_free(), and stir_shaken_datastore::verify_result.

Referenced by stir_shaken_incoming_request().

 {
    struct stir_shaken_datastore *ss_datastore;
    struct ast_datastore *datastore;
    const char *chan_name;
 
    if (!chan) {
       ast_log(LOG_ERROR, "Channel is required to add STIR/SHAKEN verification\n");
       return -1;
    }
 
    chan_name = ast_channel_name(chan);
 
    if (!identity) {
       ast_log(LOG_ERROR, "No identity to add STIR/SHAKEN verification to channel "
          "%s\n", chan_name);
       return -1;
    }
 
    if (!attestation) {
       ast_log(LOG_ERROR, "Attestation cannot be NULL to add STIR/SHAKEN verification to "
          "channel %s\n", chan_name);
       return -1;
    }
 
    ss_datastore = ast_calloc(1, sizeof(*ss_datastore));
    if (!ss_datastore) {
       ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore for "
          "channel %s\n", chan_name);
       return -1;
    }
 
    ss_datastore->identity = ast_strdup(identity);
    if (!ss_datastore->identity) {
       ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "
          "identity for channel %s\n", chan_name);
       stir_shaken_datastore_free(ss_datastore);
       return -1;
    }
 
    ss_datastore->attestation = ast_strdup(attestation);
    if (!ss_datastore->attestation) {
       ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "
          "attestation for channel %s\n", chan_name);
       stir_shaken_datastore_free(ss_datastore);
       return -1;
    }
 
    ss_datastore->verify_result = result;
 
    datastore = ast_datastore_alloc(&stir_shaken_datastore_info, NULL);
    if (!datastore) {
       ast_log(LOG_ERROR, "Failed to allocate space for datastore for channel "
          "%s\n", chan_name);
       stir_shaken_datastore_free(ss_datastore);
       return -1;
    }
 
    datastore->data = ss_datastore;
 
    ast_channel_lock(chan);
    ast_channel_datastore_add(chan, datastore);
    ast_channel_unlock(chan);
 
    return 0;
 }

◆ ast_stir_shaken_get_signature_timeout()

unsigned int ast_stir_shaken_get_signature_timeout ( void )

Retrieve the value for 'signature_timeout' from 'general' config object.

Return values

The	signature timeout

Definition at line 203 of file res_stir_shaken.c.

References ast_stir_shaken_signature_timeout(), and stir_shaken_general_get().

Referenced by compare_timestamp().

 {
    return ast_stir_shaken_signature_timeout(stir_shaken_general_get());
 }

◆ ast_stir_shaken_payload_free()

void ast_stir_shaken_payload_free ( struct ast_stir_shaken_payload * payload )

Free a STIR/SHAKEN payload.

Definition at line 178 of file res_stir_shaken.c.

References ast_stir_shaken_payload::algorithm, ast_free, ast_json_unref(), ast_stir_shaken_payload::header, ast_stir_shaken_payload::payload, ast_stir_shaken_payload::public_cert_url, and ast_stir_shaken_payload::signature.

Referenced by add_identity_header(), ast_stir_shaken_sign(), ast_stir_shaken_verify(), AST_TEST_DEFINE(), stir_shaken_incoming_request(), and stir_shaken_verify_json().

 {
    if (!payload) {
       return;
    }
 
    ast_json_unref(payload->header);
    ast_json_unref(payload->payload);
    ast_free(payload->algorithm);
    ast_free(payload->public_cert_url);
    ast_free(payload->signature);
 
    ast_free(payload);
 }

◆ ast_stir_shaken_payload_get_public_cert_url()

char* ast_stir_shaken_payload_get_public_cert_url ( const struct ast_stir_shaken_payload * payload )

Retrieve the value for 'public_cert_url' from an ast_stir_shaken_payload.

Parameters

payload The payload

Return values

The	public key URL

Definition at line 198 of file res_stir_shaken.c.

References NULL, and ast_stir_shaken_payload::public_cert_url.

Referenced by add_identity_header().

 {
    return payload ? payload->public_cert_url : NULL;
 }

◆ ast_stir_shaken_payload_get_signature()

unsigned char* ast_stir_shaken_payload_get_signature ( const struct ast_stir_shaken_payload * payload )

Retrieve the value for 'signature' from an ast_stir_shaken_payload.

Parameters

payload The payload

Return values

The signature

Definition at line 193 of file res_stir_shaken.c.

References NULL, and ast_stir_shaken_payload::signature.

Referenced by add_identity_header().

 {
    return payload ? payload->signature : NULL;
 }

◆ ast_stir_shaken_sign()

struct ast_stir_shaken_payload* ast_stir_shaken_sign ( struct ast_json * json )

Sign a JSON STIR/SHAKEN payload.

Note: This function will automatically add the "attest", "iat", and "origid" fields.

Parameters

json	The JWT to sign

Return values

ast_stir_shaken_payload	on success
NULL	on failure

Definition at line 1046 of file res_stir_shaken.c.

References ao2_cleanup, ast_calloc, ast_free, ast_json_dump_string, ast_json_object_get(), ast_json_string_get(), ast_log, ast_stir_shaken_payload_free(), ast_strdup, cleanup(), ast_stir_shaken_payload::header, LOG_ERROR, NULL, ast_stir_shaken_payload::payload, ast_stir_shaken_payload::public_cert_url, ast_stir_shaken_payload::signature, stir_shaken_add_attest(), stir_shaken_add_iat(), stir_shaken_add_origid(), stir_shaken_add_x5u(), stir_shaken_certificate_get_attestation(), stir_shaken_certificate_get_by_caller_id_number(), stir_shaken_certificate_get_private_key(), stir_shaken_certificate_get_public_cert_url(), stir_shaken_sign(), and stir_shaken_verify_json().

Referenced by add_identity_header(), and AST_TEST_DEFINE().

 {
    struct ast_stir_shaken_payload *ss_payload;
    unsigned char *signature;
    const char *public_cert_url;
    const char *caller_id_num;
    const char *header;
    const char *payload;
    struct ast_json *tmp_json;
    char *msg = NULL;
    size_t msg_len;
    struct stir_shaken_certificate *cert = NULL;
 
    ss_payload = stir_shaken_verify_json(json);
    if (!ss_payload) {
       return NULL;
    }
 
    /* From the payload section of the JSON, get the orig section, and then get
     * the value of tn. This will be the caller ID number */
    caller_id_num = ast_json_string_get(ast_json_object_get(ast_json_object_get(
          ast_json_object_get(json, "payload"), "orig"), "tn"));
    if (!caller_id_num) {
       ast_log(LOG_ERROR, "Failed to get caller ID number from JWT\n");
       goto cleanup;
    }
 
    cert = stir_shaken_certificate_get_by_caller_id_number(caller_id_num);
    if (!cert) {
       ast_log(LOG_ERROR, "Failed to retrieve certificate for caller ID "
          "'%s'\n", caller_id_num);
       goto cleanup;
    }
 
    public_cert_url = stir_shaken_certificate_get_public_cert_url(cert);
    if (stir_shaken_add_x5u(json, public_cert_url)) {
       ast_log(LOG_ERROR, "Failed to add 'x5u' (public cert URL) to payload\n");
       goto cleanup;
    }
    ss_payload->public_cert_url = ast_strdup(public_cert_url);
 
    if (stir_shaken_add_attest(json, stir_shaken_certificate_get_attestation(cert))) {
       ast_log(LOG_ERROR, "Failed to add 'attest' to payload\n");
       goto cleanup;
    }
 
    if (stir_shaken_add_origid(json)) {
       ast_log(LOG_ERROR, "Failed to add 'origid' to payload\n");
       goto cleanup;
    }
 
    if (stir_shaken_add_iat(json)) {
       ast_log(LOG_ERROR, "Failed to add 'iat' to payload\n");
       goto cleanup;
    }
 
    /* Get the header and the payload. Combine them to get the message to sign */
    tmp_json = ast_json_object_get(json, "header");
    header = ast_json_dump_string(tmp_json);
    tmp_json = ast_json_object_get(json, "payload");
    payload = ast_json_dump_string(tmp_json);
    msg_len = strlen(header) + strlen(payload) + 2;
    msg = ast_calloc(1, msg_len);
    if (!msg) {
       ast_log(LOG_ERROR, "Failed to allocate space for message to sign\n");
       goto cleanup;
    }
    snprintf(msg, msg_len, "%s.%s", header, payload);
 
    signature = stir_shaken_sign(msg, stir_shaken_certificate_get_private_key(cert));
    if (!signature) {
       goto cleanup;
    }
 
    ss_payload->signature = signature;
    ao2_cleanup(cert);
    ast_free(msg);
 
    return ss_payload;
 
 cleanup:
    ao2_cleanup(cert);
    ast_stir_shaken_payload_free(ss_payload);
    ast_free(msg);
    return NULL;
 }

◆ ast_stir_shaken_sorcery()

struct ast_sorcery* ast_stir_shaken_sorcery ( void )

Retrieve the stir/shaken sorcery context.

Return values

The	stir/shaken sorcery context

Definition at line 173 of file res_stir_shaken.c.

References stir_shaken_sorcery.

Referenced by load_module(), stir_shaken_certificate_get(), stir_shaken_certificate_get_all(), stir_shaken_certificate_get_by_caller_id_number(), stir_shaken_certificate_load(), stir_shaken_cli_show(), stir_shaken_general_get(), stir_shaken_general_load(), stir_shaken_general_unload(), stir_shaken_store_get(), stir_shaken_store_get_all(), stir_shaken_store_load(), test_stir_shaken_cleanup_cert(), and test_stir_shaken_create_cert().

 {
    return stir_shaken_sorcery;
 }

◆ ast_stir_shaken_verify()

struct ast_stir_shaken_payload* ast_stir_shaken_verify	(	const char *	header,
		const char *	payload,
		const char *	signature,
		const char *	algorithm,
		const char *	public_cert_url
	)

Verify a JSON STIR/SHAKEN payload.

Parameters

header	The payload header
payload	The payload section
signature	The payload signature
algorithm	The signature algorithm
public_cert_url	The public key URL

Return values

ast_stir_shaken_payload	on success
NULL	on failure

Definition at line 620 of file res_stir_shaken.c.

References add_public_key_to_astdb(), ast_stir_shaken_payload::algorithm, ast_asprintf, ast_calloc, ast_config_AST_DATA_DIR, ast_debug, ast_free, ast_json_load_string(), ast_log, ast_stir_shaken_payload_free(), ast_strdup, ast_strlen_zero, curl_and_check_expiration(), get_path_to_public_key(), ast_stir_shaken_payload::header, LOG_ERROR, NULL, ast_stir_shaken_payload::payload, ast_stir_shaken_payload::public_cert_url, public_key_is_expired(), RAII_VAR, remove_public_key_from_astdb(), run_curl(), ast_stir_shaken_payload::signature, STIR_SHAKEN_DIR_NAME, stir_shaken_read_key(), and stir_shaken_verify_signature().

Referenced by AST_TEST_DEFINE(), and stir_shaken_incoming_request().

 {
    struct ast_stir_shaken_payload *ret_payload;
    EVP_PKEY *public_key;
    int curl = 0;
    RAII_VAR(char *, file_path, NULL, ast_free);
    RAII_VAR(char *, dir_path, NULL, ast_free);
    RAII_VAR(char *, combined_str, NULL, ast_free);
    size_t combined_size;
 
    if (ast_strlen_zero(header)) {
       ast_log(LOG_ERROR, "'header' is required for STIR/SHAKEN verification\n");
       return NULL;
    }
 
    if (ast_strlen_zero(payload)) {
       ast_log(LOG_ERROR, "'payload' is required for STIR/SHAKEN verification\n");
       return NULL;
    }
 
    if (ast_strlen_zero(signature)) {
       ast_log(LOG_ERROR, "'signature' is required for STIR/SHAKEN verification\n");
       return NULL;
    }
 
    if (ast_strlen_zero(algorithm)) {
       ast_log(LOG_ERROR, "'algorithm' is required for STIR/SHAKEN verification\n");
       return NULL;
    }
 
    if (ast_strlen_zero(public_cert_url)) {
       ast_log(LOG_ERROR, "'public_cert_url' is required for STIR/SHAKEN verification\n");
       return NULL;
    }
 
    /* Check to see if we have already downloaded this public cert. The reason we
     * store the file path is because:
     *
     * 1. If, for some reason, the default directory changes, we still know where
     * to look for the files we already have.
     *
     * 2. In the future, if we want to add a way to store the certs in multiple
     * {configurable) directories, we already have the storage mechanism in place.
     * The only thing that would be left to do is pull from the configuration.
     */
    file_path = get_path_to_public_key(public_cert_url);
    if (ast_asprintf(&dir_path, "%s/keys/%s", ast_config_AST_DATA_DIR, STIR_SHAKEN_DIR_NAME) < 0) {
       return NULL;
    }
 
    /* If we don't have an entry in AstDB, CURL from the provided URL */
    if (ast_strlen_zero(file_path)) {
       /* Remove this entry from the database, since we will be
        * downloading a new file anyways.
        */
       remove_public_key_from_astdb(public_cert_url);
 
       /* Go ahead and free file_path, in case anything was allocated above */
       ast_free(file_path);
 
       /* Download to the default path */
       file_path = run_curl(public_cert_url, dir_path);
       if (!file_path) {
          return NULL;
       }
 
       /* Signal that we have already downloaded a new file, no reason to do it again */
       curl = 1;
 
       /* We should have a successful download at this point, so
        * add an entry to the database.
        */
       add_public_key_to_astdb(public_cert_url, file_path);
    }
 
    /* Check to see if the cert we downloaded (or already had) is expired */
    if (public_key_is_expired(public_cert_url)) {
 
       ast_debug(3, "Public cert '%s' is expired\n", public_cert_url);
 
       remove_public_key_from_astdb(public_cert_url);
 
       /* If this fails, then there's nothing we can do */
       ast_free(file_path);
       file_path = curl_and_check_expiration(public_cert_url, dir_path, &curl);
       if (!file_path) {
          return NULL;
       }
    }
 
    /* First attempt to read the key. If it fails, try downloading the file,
     * unless we already did. Check for expiration again */
    public_key = stir_shaken_read_key(file_path, 0);
    if (!public_key) {
 
       ast_debug(3, "Failed first read of public key file '%s'\n", file_path);
 
       remove_public_key_from_astdb(public_cert_url);
 
       ast_free(file_path);
       file_path = curl_and_check_expiration(public_cert_url, dir_path, &curl);
       if (!file_path) {
          return NULL;
       }
 
       public_key = stir_shaken_read_key(file_path, 0);
       if (!public_key) {
          ast_log(LOG_ERROR, "Failed to read public key from '%s'\n", file_path);
          remove_public_key_from_astdb(public_cert_url);
          return NULL;
       }
    }
 
    /* Combine the header and payload to get the original signed message: header.payload */
    combined_size = strlen(header) + strlen(payload) + 2;
    combined_str = ast_calloc(1, combined_size);
    if (!combined_str) {
       ast_log(LOG_ERROR, "Failed to allocate space for message to verify\n");
       EVP_PKEY_free(public_key);
       return NULL;
    }
    snprintf(combined_str, combined_size, "%s.%s", header, payload);
    if (stir_shaken_verify_signature(combined_str, signature, public_key)) {
       ast_log(LOG_ERROR, "Failed to verify signature\n");
       EVP_PKEY_free(public_key);
       return NULL;
    }
 
    /* We don't need the public key anymore */
    EVP_PKEY_free(public_key);
 
    ret_payload = ast_calloc(1, sizeof(*ret_payload));
    if (!ret_payload) {
       ast_log(LOG_ERROR, "Failed to allocate STIR/SHAKEN payload\n");
       return NULL;
    }
 
    ret_payload->header = ast_json_load_string(header, NULL);
    if (!ret_payload->header) {
       ast_log(LOG_ERROR, "Failed to create JSON from header\n");
       ast_stir_shaken_payload_free(ret_payload);
       return NULL;
    }
 
    ret_payload->payload = ast_json_load_string(payload, NULL);
    if (!ret_payload->payload) {
       ast_log(LOG_ERROR, "Failed to create JSON from payload\n");
       ast_stir_shaken_payload_free(ret_payload);
       return NULL;
    }
 
    ret_payload->signature = (unsigned char *)ast_strdup(signature);
    ret_payload->algorithm = ast_strdup(algorithm);
    ret_payload->public_cert_url = ast_strdup(public_cert_url);
 
    return ret_payload;
 }

◆ AST_TEST_DEFINE() [1/2]

AST_TEST_DEFINE ( test_stir_shaken_sign )

Definition at line 1333 of file res_stir_shaken.c.

References ast_json_free(), ast_json_pack(), ast_stir_shaken_payload_free(), ast_stir_shaken_sign(), AST_TEST_FAIL, AST_TEST_NOT_RUN, AST_TEST_PASS, ast_test_status_update, sip_to_pjsip::info(), NULL, ast_stir_shaken_payload::payload, RAII_VAR, STIR_SHAKEN_ENCRYPTION_ALGORITHM, STIR_SHAKEN_PPT, STIR_SHAKEN_TYPE, TEST_EXECUTE, TEST_INIT, test_stir_shaken_cleanup_cert(), test_stir_shaken_create_cert(), and test_stir_shaken_write_temp_key().

 {
    char *caller_id_number = "1234567";
    char file_path[] = "/tmp/stir_shaken_private.XXXXXX";
    RAII_VAR(char *, rm_on_exit, file_path, unlink);
    RAII_VAR(struct ast_json *, json, NULL, ast_json_free);
    RAII_VAR(struct ast_stir_shaken_payload *, payload, NULL, ast_stir_shaken_payload_free);
 
    switch (cmd) {
    case TEST_INIT:
       info->name = "stir_shaken_sign";
       info->category = "/res/res_stir_shaken/";
       info->summary = "STIR/SHAKEN sign unit test";
       info->description =
          "Tests signing a JWT with a private key.";
       return AST_TEST_NOT_RUN;
    case TEST_EXECUTE:
       break;
    }
 
    /* We only need a private key to sign */
    test_stir_shaken_write_temp_key(file_path, 1);
    test_stir_shaken_create_cert(caller_id_number, file_path);
 
    /* Test missing header section */
    json = ast_json_pack("{s: {s: {s: s}}}", "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'header')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test missing payload section */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE,
       "x5u", "http://testing123");
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'payload')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test missing alg section */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "ppt",
       STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE, "x5u", "http://testing123", "payload",
       "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'alg')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test invalid alg value */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       "invalid algorithm", "ppt", STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE,
       "x5u", "http://testing123", "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (wrong 'alg')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test missing ppt section */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "typ", STIR_SHAKEN_TYPE, "x5u", "http://testing123",
       "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'ppt')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test invalid ppt value */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", "invalid ppt", "typ", STIR_SHAKEN_TYPE,
       "x5u", "http://testing123", "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (wrong 'ppt')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test missing typ section */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "x5u", "http://testing123",
       "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'typ')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test invalid typ value */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "typ", "invalid typ",
       "x5u", "http://testing123", "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (wrong 'typ')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test missing orig section */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: s}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE,
       "x5u", "http://testing123", "payload", "filler", "filler");
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'orig')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test missing tn section */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: s}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE,
       "x5u", "http://testing123", "payload", "orig", "filler");
    payload = ast_stir_shaken_sign(json);
    if (payload) {
       ast_test_status_update(test, "Signed an invalid JWT (missing 'tn')\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test valid JWT */
    ast_json_free(json);
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE,
       "x5u", "http://testing123", "payload", "orig", "tn", caller_id_number);
    payload = ast_stir_shaken_sign(json);
    if (!payload) {
       ast_test_status_update(test, "Failed to sign a valid JWT\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    test_stir_shaken_cleanup_cert(caller_id_number);
 
    return AST_TEST_PASS;
 }

◆ AST_TEST_DEFINE() [2/2]

AST_TEST_DEFINE ( test_stir_shaken_verify )

Definition at line 1491 of file res_stir_shaken.c.

References ast_json_dump_string, ast_json_free(), ast_json_object_get(), ast_json_pack(), ast_stir_shaken_payload_free(), ast_stir_shaken_sign(), ast_stir_shaken_verify(), AST_TEST_FAIL, AST_TEST_NOT_RUN, AST_TEST_PASS, ast_test_status_update, ast_stir_shaken_payload::header, sip_to_pjsip::info(), NULL, ast_stir_shaken_payload::payload, ast_stir_shaken_payload::public_cert_url, RAII_VAR, remove_public_key_from_astdb(), STIR_SHAKEN_ENCRYPTION_ALGORITHM, STIR_SHAKEN_PPT, STIR_SHAKEN_TYPE, TEST_EXECUTE, TEST_INIT, test_stir_shaken_add_fake_astdb_entry(), test_stir_shaken_cleanup_cert(), test_stir_shaken_create_cert(), and test_stir_shaken_write_temp_key().

 {
    char *caller_id_number = "1234567";
    char *public_cert_url = "http://testing123";
    char *header;
    char *payload;
    struct ast_json *tmp_json;
    char public_path[] = "/tmp/stir_shaken_public.XXXXXX";
    char private_path[] = "/tmp/stir_shaken_public.XXXXXX";
    RAII_VAR(char *, rm_on_exit_public, public_path, unlink);
    RAII_VAR(char *, rm_on_exit_private, private_path, unlink);
    RAII_VAR(struct ast_json *, json, NULL, ast_json_free);
    RAII_VAR(struct ast_stir_shaken_payload *, signed_payload, NULL, ast_stir_shaken_payload_free);
    RAII_VAR(struct ast_stir_shaken_payload *, returned_payload, NULL, ast_stir_shaken_payload_free);
 
    switch (cmd) {
    case TEST_INIT:
       info->name = "stir_shaken_verify";
       info->category = "/res/res_stir_shaken/";
       info->summary = "STIR/SHAKEN verify unit test";
       info->description =
          "Tests verifying a signature with a public key";
       return AST_TEST_NOT_RUN;
    case TEST_EXECUTE:
       break;
    }
 
    /* We need the private key to sign, but we also need the corresponding
     * public key to verify */
    test_stir_shaken_write_temp_key(public_path, 0);
    test_stir_shaken_write_temp_key(private_path, 1);
    test_stir_shaken_create_cert(caller_id_number, private_path);
 
    /* Get the signature */
    json = ast_json_pack("{s: {s: s, s: s, s: s, s: s}, s: {s: {s: s}}}", "header", "alg",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "ppt", STIR_SHAKEN_PPT, "typ", STIR_SHAKEN_TYPE,
       "x5u", public_cert_url, "payload", "orig", "tn", caller_id_number);
    signed_payload = ast_stir_shaken_sign(json);
    if (!signed_payload) {
       ast_test_status_update(test, "Failed to sign a valid JWT\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Get the header and payload for ast_stir_shaken_verify */
    tmp_json = ast_json_object_get(json, "header");
    header = ast_json_dump_string(tmp_json);
    tmp_json = ast_json_object_get(json, "payload");
    payload = ast_json_dump_string(tmp_json);
 
    /* Test empty header parameter */
    returned_payload = ast_stir_shaken_verify("", payload, (const char *)signed_payload->signature,
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, public_cert_url);
    if (returned_payload) {
       ast_test_status_update(test, "Verified a signature with missing 'header'\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test empty payload parameter */
    returned_payload = ast_stir_shaken_verify(header, "", (const char *)signed_payload->signature,
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, public_cert_url);
    if (returned_payload) {
       ast_test_status_update(test, "Verified a signature with missing 'payload'\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test empty signature parameter */
    returned_payload = ast_stir_shaken_verify(header, payload, "",
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, public_cert_url);
    if (returned_payload) {
       ast_test_status_update(test, "Verified a signature with missing 'signature'\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test empty algorithm parameter */
    returned_payload = ast_stir_shaken_verify(header, payload, (const char *)signed_payload->signature,
       "", public_cert_url);
    if (returned_payload) {
       ast_test_status_update(test, "Verified a signature with missing 'algorithm'\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Test empty public key URL */
    returned_payload = ast_stir_shaken_verify(header, payload, (const char *)signed_payload->signature,
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, "");
    if (returned_payload) {
       ast_test_status_update(test, "Verified a signature with missing 'public key URL'\n");
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    /* Trick the function into thinking we've already downloaded the key */
    test_stir_shaken_add_fake_astdb_entry(public_cert_url, public_path);
 
    /* Verify a valid signature */
    returned_payload = ast_stir_shaken_verify(header, payload, (const char *)signed_payload->signature,
       STIR_SHAKEN_ENCRYPTION_ALGORITHM, public_cert_url);
    if (!returned_payload) {
       ast_test_status_update(test, "Failed to verify a valid signature\n");
       remove_public_key_from_astdb(public_cert_url);
       test_stir_shaken_cleanup_cert(caller_id_number);
       return AST_TEST_FAIL;
    }
 
    remove_public_key_from_astdb(public_cert_url);
 
    test_stir_shaken_cleanup_cert(caller_id_number);
 
    return AST_TEST_PASS;
 }

◆ curl_and_check_expiration()

static char* curl_and_check_expiration	(	const char *	public_cert_url,
		const char *	path,
		int *	curl
	)

static

Downloads the public cert from public_cert_url. If curl is non-zero, that signals CURL has already been run, and we should bail here. The entry is added to AstDB as well.

Note: filename will need to be freed by the caller

Parameters

public_cert_url	The public cert URL
path	The path to download the file to
curl	Flag signaling if we have run CURL or not

Return values

NULL	on failure
full	path filename on success

Definition at line 594 of file res_stir_shaken.c.

References add_public_key_to_astdb(), ast_free, ast_log, LOG_ERROR, NULL, public_key_is_expired(), and run_curl().

Referenced by ast_stir_shaken_verify().

 {
    char *filename;
 
    if (curl) {
       ast_log(LOG_ERROR, "Already downloaded public key '%s'\n", path);
       return NULL;
    }
 
    filename = run_curl(public_cert_url, path);
    if (!filename) {
       return NULL;
    }
 
    if (public_key_is_expired(public_cert_url)) {
       ast_log(LOG_ERROR, "Newly downloaded public key '%s' is expired\n", path);
       ast_free(filename);
       return NULL;
    }
 
    *curl = 1;
    add_public_key_to_astdb(public_cert_url, filename);
 
    return filename;
 }

◆ get_path_to_public_key()

static char* get_path_to_public_key ( const char * public_cert_url )

static

Returns the path to the downloaded file for the provided URL.

Parameters

public_cert_url The public cert URL

Return values

Empty	string if not present in AstDB
The	file path if present in AstDB

Definition at line 434 of file res_stir_shaken.c.

References ast_db_get(), ast_sha1_hash(), ast_strdup, ast_strlen_zero, and MAX_PATH_LEN.

Referenced by ast_stir_shaken_verify().

 {
    char hash[41];
    char file_path[MAX_PATH_LEN];
 
    ast_sha1_hash(hash, public_cert_url);
 
    ast_db_get(hash, "path", file_path, sizeof(file_path));
 
    if (ast_strlen_zero(file_path)) {
       file_path[0] = '\0';
    }
 
    return ast_strdup(file_path);
 }

◆ load_module()

static int load_module ( void )

static

Definition at line 1636 of file res_stir_shaken.c.

References ast_custom_function_register, ast_log, AST_MODFLAG_GLOBAL_SYMBOLS, AST_MODFLAG_LOAD_ORDER, AST_MODPRI_CHANNEL_DEPEND, AST_MODULE_INFO(), AST_MODULE_LOAD_DECLINE, AST_MODULE_SUPPORT_CORE, ast_sorcery_load(), ast_sorcery_open, ast_stir_shaken_sorcery(), AST_TEST_REGISTER, ASTERISK_GPL_KEY, LOG_ERROR, reload(), reload_module(), stir_shaken_certificate_load(), stir_shaken_general_load(), stir_shaken_store_load(), and unload_module().

 {
    int res = 0;
 
    if (!(stir_shaken_sorcery = ast_sorcery_open())) {
       ast_log(LOG_ERROR, "stir/shaken - failed to open sorcery\n");
       return AST_MODULE_LOAD_DECLINE;
    }
 
    if (stir_shaken_general_load()) {
       unload_module();
       return AST_MODULE_LOAD_DECLINE;
    }
 
    if (stir_shaken_store_load()) {
       unload_module();
       return AST_MODULE_LOAD_DECLINE;
    }
 
    if (stir_shaken_certificate_load()) {
       unload_module();
       return AST_MODULE_LOAD_DECLINE;
    }
 
    ast_sorcery_load(ast_stir_shaken_sorcery());
 
    res |= ast_custom_function_register(&stir_shaken_function);
 
    AST_TEST_REGISTER(test_stir_shaken_sign);
    AST_TEST_REGISTER(test_stir_shaken_verify);
 
    return res;
 }

◆ public_key_is_expired()

static int public_key_is_expired ( const char * public_cert_url )

static

Check to see if the public key is expired.

Parameters

public_cert_url The public cert URL

Return values

1	if expired
0	if not expired

Definition at line 405 of file res_stir_shaken.c.

References ast_db_get(), ast_sha1_hash(), ast_str_to_ulong(), ast_strlen_zero, ast_tvcmp(), and ast_tvnow().

Referenced by ast_stir_shaken_verify(), and curl_and_check_expiration().

 {
    struct timeval current_time = ast_tvnow();
    struct timeval expires = { .tv_sec = 0, .tv_usec = 0 };
    char expiration[32];
    char hash[41];
 
    ast_sha1_hash(hash, public_cert_url);
    ast_db_get(hash, "expiration", expiration, sizeof(expiration));
 
    if (ast_strlen_zero(expiration)) {
       return 1;
    }
 
    if (ast_str_to_ulong(expiration, (unsigned long *)&expires.tv_sec)) {
       return 1;
    }
 
    return ast_tvcmp(current_time, expires) == -1 ? 0 : 1;
 }

◆ reload_module()

static int reload_module ( void )

static

Definition at line 1608 of file res_stir_shaken.c.

References ast_sorcery_reload().

Referenced by load_module().

 {
    if (stir_shaken_sorcery) {
       ast_sorcery_reload(stir_shaken_sorcery);
    }
 
    return 0;
 }

◆ remove_public_key_from_astdb()

static void remove_public_key_from_astdb ( const char * public_cert_url )

static

Remove the public key details and associated information from AstDB.

Parameters

public_cert_url The public cert URL

Definition at line 471 of file res_stir_shaken.c.

References ast_db_del(), ast_db_deltree(), AST_DB_FAMILY, ast_db_get(), ast_sha1_hash(), MAX_PATH_LEN, and NULL.

Referenced by ast_stir_shaken_verify(), and AST_TEST_DEFINE().

 {
    char hash[41];
    char filepath[MAX_PATH_LEN];
 
    ast_sha1_hash(hash, public_cert_url);
 
    /* Remove this public key from storage */
    ast_db_get(hash, "path", filepath, sizeof(filepath));
 
    /* Remove the actual file from the system */
    remove(filepath);
 
    ast_db_del(AST_DB_FAMILY, public_cert_url);
    ast_db_deltree(hash, NULL);
 }

◆ run_curl()

static char* run_curl	(	const char *	public_cert_url,
		const char *	path
	)

static

CURL the file located at public_cert_url to the specified path.

Note: filename will need to be freed by the caller

Parameters

public_cert_url	The public cert URL
path	The path to download the file to

Return values

NULL	on failure
full	path filename on success

Definition at line 557 of file res_stir_shaken.c.

References ast_log, curl_cb_data_create(), curl_cb_data_free(), curl_public_key(), LOG_ERROR, NULL, and set_public_key_expiration().

Referenced by ast_stir_shaken_verify(), and curl_and_check_expiration().

 {
    struct curl_cb_data *data;
    char *filename;
 
    data = curl_cb_data_create();
    if (!data) {
       ast_log(LOG_ERROR, "Failed to create CURL callback data\n");
       return NULL;
    }
 
    filename = curl_public_key(public_cert_url, path, data);
    if (!filename) {
       ast_log(LOG_ERROR, "Could not retrieve public key for '%s'\n", public_cert_url);
       curl_cb_data_free(data);
       return NULL;
    }
 
    set_public_key_expiration(public_cert_url, data);
    curl_cb_data_free(data);
 
    return filename;
 }

◆ set_public_key_expiration()

static void set_public_key_expiration	(	const char *	public_cert_url,
		const struct curl_cb_data *	data
	)

static

Sets the expiration for the public key based on the provided fields. If Cache-Control is present, use it. Otherwise, use Expires.

Parameters

public_cert_url	The URL to the public certificate
data	The CURL callback data containing expiration data

Definition at line 352 of file res_stir_shaken.c.

References ast_db_put(), ast_sha1_hash(), ast_str_to_uint(), ast_strlen_zero, ast_tvnow(), curl_cb_data_get_cache_control(), curl_cb_data_get_expires(), EXPIRATION_BUFFER, and value.

Referenced by run_curl().

 {
    char time_buf[32];
    char *value;
    struct timeval actual_expires = ast_tvnow();
    char hash[41];
 
    ast_sha1_hash(hash, public_cert_url);
 
    value = curl_cb_data_get_cache_control(data);
    if (!ast_strlen_zero(value)) {
       char *str_max_age;
 
       str_max_age = strstr(value, "s-maxage");
       if (!str_max_age) {
          str_max_age = strstr(value, "max-age");
       }
 
       if (str_max_age) {
          unsigned int max_age;
          char *equal = strchr(str_max_age, '=');
          if (equal && !ast_str_to_uint(equal + 1, &max_age)) {
             actual_expires.tv_sec += max_age;
          }
       }
    } else {
       value = curl_cb_data_get_expires(data);
       if (!ast_strlen_zero(value)) {
          struct tm expires_time;
 
          strptime(value, "%a, %d %b %Y %T %z", &expires_time);
          expires_time.tm_isdst = -1;
          actual_expires.tv_sec = mktime(&expires_time);
       }
    }
 
    if (ast_strlen_zero(value)) {
       actual_expires.tv_sec += EXPIRATION_BUFFER;
    }
 
    snprintf(time_buf, sizeof(time_buf), "%30lu", actual_expires.tv_sec);
 
    ast_db_put(hash, "expiration", time_buf);
 }

◆ stir_shaken_add_attest()

static int stir_shaken_add_attest	(	struct ast_json *	json,
		const char *	attest
	)

static

Adds the 'attest' field to the JWT.

Parameters

json	The JWT
attest	The value to set attest to

Return values

0	on success
-1	on failure

Definition at line 990 of file res_stir_shaken.c.

References ast_json_object_get(), ast_json_object_set(), ast_json_string_create(), and value.

Referenced by ast_stir_shaken_sign().

 {
    struct ast_json *value;
 
    value = ast_json_string_create(attest);
    if (!value) {
       return -1;
    }
 
    return ast_json_object_set(ast_json_object_get(json, "payload"), "attest", value);
 }

◆ stir_shaken_add_iat()

static int stir_shaken_add_iat ( struct ast_json * json )

static

Adds the 'iat' field to the JWT.

Parameters

json The JWT

Return values

0	on success
-1	on failure

Definition at line 1033 of file res_stir_shaken.c.

References ast_json_integer_create(), ast_json_object_get(), ast_json_object_set(), ast_tvnow(), and value.

Referenced by ast_stir_shaken_sign().

 {
    struct ast_json *value;
    struct timeval tv;
    int timestamp;
 
    tv = ast_tvnow();
    timestamp = tv.tv_sec + tv.tv_usec / 1000;
    value = ast_json_integer_create(timestamp);
 
    return ast_json_object_set(ast_json_object_get(json, "payload"), "iat", value);
 }

◆ stir_shaken_add_origid()

static int stir_shaken_add_origid ( struct ast_json * json )

static

Adds the 'origid' field to the JWT.

Parameters

json The JWT

Return values

0	on success
-1	on failure

Definition at line 1010 of file res_stir_shaken.c.

References ast_json_object_get(), ast_json_object_set(), ast_json_string_create(), ast_uuid_generate_str(), AST_UUID_STR_LEN, and value.

Referenced by ast_stir_shaken_sign().

 {
    struct ast_json *value;
    char uuid_str[AST_UUID_STR_LEN];
 
    ast_uuid_generate_str(uuid_str, sizeof(uuid_str));
    if (strlen(uuid_str) != (AST_UUID_STR_LEN - 1)) {
       return -1;
    }
 
    value = ast_json_string_create(uuid_str);
 
    return ast_json_object_set(ast_json_object_get(json, "payload"), "origid", value);
 }

◆ stir_shaken_add_x5u()

static int stir_shaken_add_x5u	(	struct ast_json *	json,
		const char *	x5u
	)

static

Adds the 'x5u' (public key URL) field to the JWT.

Parameters

json	The JWT
x5u	The public key URL

Return values

0	on success
-1	on failure

Definition at line 969 of file res_stir_shaken.c.

References ast_json_object_get(), ast_json_object_set(), ast_json_string_create(), and value.

Referenced by ast_stir_shaken_sign().

 {
    struct ast_json *value;
 
    value = ast_json_string_create(x5u);
    if (!value) {
       return -1;
    }
 
    return ast_json_object_set(ast_json_object_get(json, "header"), "x5u", value);
 }

◆ stir_shaken_datastore_destroy_cb()

static void stir_shaken_datastore_destroy_cb ( void * data )

static

The callback to destroy a stir_shaken_datastore.

Parameters

data	The stir_shaken_datastore

Definition at line 265 of file res_stir_shaken.c.

References stir_shaken_datastore_free().

 {
    struct stir_shaken_datastore *datastore = data;
    stir_shaken_datastore_free(datastore);
 }

◆ stir_shaken_datastore_free()

static void stir_shaken_datastore_free ( struct stir_shaken_datastore * datastore )

static

Frees a stir_shaken_datastore structure.

Parameters

datastore The datastore to free

Definition at line 249 of file res_stir_shaken.c.

References ast_free, stir_shaken_datastore::attestation, and stir_shaken_datastore::identity.

Referenced by ast_stir_shaken_add_verification(), and stir_shaken_datastore_destroy_cb().

 {
    if (!datastore) {
       return;
    }
 
    ast_free(datastore->identity);
    ast_free(datastore->attestation);
    ast_free(datastore);
 }

◆ stir_shaken_read()

static int stir_shaken_read	(	struct ast_channel *	chan,
		const char *	function,
		char *	data,
		char *	buf,
		size_t	len
	)

static

Retrieves STIR/SHAKEN verification information for the channel via dialplan. Examples:

STIR_SHAKEN(count) STIR_SHAKEN(0, identity) STIR_SHAKEN(1, attestation) STIR_SHAKEN(27, verify_result)

Return values

-1	on failure
0	on success

Definition at line 1145 of file res_stir_shaken.c.

References args, AST_APP_ARG, ast_channel_datastores(), ast_channel_lock, ast_channel_unlock, ast_copy_string(), AST_DECLARE_APP_ARGS, AST_LIST_TRAVERSE, ast_log, AST_STANDARD_APP_ARGS, ast_str_to_uint(), ast_strdupa, ast_strip(), ast_strlen_zero, stir_shaken_datastore::attestation, ast_datastore::data, first, stir_shaken_datastore::identity, ast_datastore::info, LOG_ERROR, LOG_WARNING, parse(), stir_shaken_verification_result_to_string(), and stir_shaken_datastore::verify_result.

 {
    struct stir_shaken_datastore *ss_datastore;
    struct ast_datastore *datastore;
    char *parse;
    char *first;
    char *second;
    unsigned int target_index, current_index = 0;
    AST_DECLARE_APP_ARGS(args,
       AST_APP_ARG(first_param);
       AST_APP_ARG(second_param);
    );
 
    if (ast_strlen_zero(data)) {
       ast_log(LOG_WARNING, "%s requires at least one argument\n", function);
       return -1;
    }
 
    if (!chan) {
       ast_log(LOG_ERROR, "No channel for %s function\n", function);
       return -1;
    }
 
    parse = ast_strdupa(data);
 
    AST_STANDARD_APP_ARGS(args, parse);
 
    first = ast_strip(args.first_param);
    if (ast_strlen_zero(first)) {
       ast_log(LOG_ERROR, "An argument must be passed to %s\n", function);
       return -1;
    }
 
    second = ast_strip(args.second_param);
 
    /* Check if we are only looking for the number of STIR/SHAKEN verification results */
    if (!strcasecmp(first, "count")) {
 
       size_t count = 0;
 
       if (!ast_strlen_zero(second)) {
          ast_log(LOG_ERROR, "%s only takes 1 paramater for 'count'\n", function);
          return -1;
       }
 
       ast_channel_lock(chan);
       AST_LIST_TRAVERSE(ast_channel_datastores(chan), datastore, entry) {
          if (datastore->info != &stir_shaken_datastore_info) {
             continue;
          }
          count++;
       }
       ast_channel_unlock(chan);
 
       snprintf(buf, len, "%zu", count);
       return 0;
    }
 
    /* If we aren't doing a count, then there should be two parameters. The field
     * we are searching for will be the second parameter. The index is the first.
     */
    if (ast_strlen_zero(second)) {
       ast_log(LOG_ERROR, "Retrieving a value using %s requires two paramaters (index, value) "
          "- only index was given\n", function);
       return -1;
    }
 
    if (ast_str_to_uint(first, &target_index)) {
       ast_log(LOG_ERROR, "Failed to convert index %s to integer for function %s\n",
          first, function);
       return -1;
    }
 
    /* We don't store by uid for the datastore, so just search for the specified index */
    ast_channel_lock(chan);
    AST_LIST_TRAVERSE(ast_channel_datastores(chan), datastore, entry) {
       if (datastore->info != &stir_shaken_datastore_info) {
          continue;
       }
 
       if (current_index == target_index) {
          break;
       }
 
       current_index++;
    }
    ast_channel_unlock(chan);
    if (current_index != target_index || !datastore) {
       ast_log(LOG_WARNING, "No STIR/SHAKEN results for index '%s'\n", first);
       return -1;
    }
    ss_datastore = datastore->data;
 
    if (!strcasecmp(second, "identity")) {
       ast_copy_string(buf, ss_datastore->identity, len);
    } else if (!strcasecmp(second, "attestation")) {
       ast_copy_string(buf, ss_datastore->attestation, len);
    } else if (!strcasecmp(second, "verify_result")) {
       ast_copy_string(buf, stir_shaken_verification_result_to_string(ss_datastore->verify_result), len);
    } else {
       ast_log(LOG_ERROR, "No such value '%s' for %s\n", second, function);
       return -1;
    }
 
    return 0;
 }

◆ stir_shaken_sign()

static unsigned char* stir_shaken_sign	(	char *	json_str,
		EVP_PKEY *	private_key
	)

static

Signs the payload and returns the signature.

Parameters

json_str	The string representation of the JSON
private_key	The private key used to sign the payload

Return values

signature	on success
NULL	on failure

Definition at line 892 of file res_stir_shaken.c.

References ast_base64url_encode(), ast_calloc, ast_free, ast_log, cleanup(), LOG_ERROR, NULL, and ast_stir_shaken_payload::signature.

Referenced by ast_stir_shaken_sign().

 {
    EVP_MD_CTX *mdctx = NULL;
    int ret = 0;
    unsigned char *encoded_signature = NULL;
    unsigned char *signature = NULL;
    size_t encoded_length = 0;
    size_t signature_length = 0;
 
    mdctx = EVP_MD_CTX_create();
    if (!mdctx) {
       ast_log(LOG_ERROR, "Failed to create Message Digest Context\n");
       goto cleanup;
    }
 
    ret = EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, private_key);
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed to initialize Message Digest Context\n");
       goto cleanup;
    }
 
    ret = EVP_DigestSignUpdate(mdctx, json_str, strlen(json_str));
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed to update Message Digest Context\n");
       goto cleanup;
    }
 
    ret = EVP_DigestSignFinal(mdctx, NULL, &signature_length);
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed initial phase of Message Digest Context signing\n");
       goto cleanup;
    }
 
    signature = ast_calloc(1, sizeof(unsigned char) * signature_length);
    if (!signature) {
       ast_log(LOG_ERROR, "Failed to allocate space for signature\n");
       goto cleanup;
    }
 
    ret = EVP_DigestSignFinal(mdctx, signature, &signature_length);
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed final phase of Message Digest Context signing\n");
       goto cleanup;
    }
 
    /* There are 6 bits to 1 base64 URL digit, so in order to get the size of the base64 encoded
     * signature, we need to multiply by the number of bits in a byte and divide by 6. Since
     * there's rounding when doing base64 conversions, add 3 bytes, just in case, and account
     * for padding. Add another byte for the NULL-terminator.
     */
    encoded_length = ((signature_length * 4 / 3 + 3) & ~3) + 1;
    encoded_signature = ast_calloc(1, encoded_length);
    if (!encoded_signature) {
       ast_log(LOG_ERROR, "Failed to allocate space for encoded signature\n");
       goto cleanup;
    }
 
    ast_base64url_encode((char *)encoded_signature, signature, signature_length, encoded_length);
 
 cleanup:
    if (mdctx) {
       EVP_MD_CTX_destroy(mdctx);
    }
    ast_free(signature);
 
    return encoded_signature;
 }

◆ stir_shaken_verification_result_to_string()

static const char* stir_shaken_verification_result_to_string ( enum ast_stir_shaken_verification_result result )

static

Convert an ast_stir_shaken_verification_result to string representation.

Parameters

result The result to convert

Return values

empty	string if not a valid enum value
string	representation of result otherwise

Definition at line 216 of file res_stir_shaken.c.

References AST_STIR_SHAKEN_VERIFY_MISMATCH, AST_STIR_SHAKEN_VERIFY_NOT_PRESENT, AST_STIR_SHAKEN_VERIFY_PASSED, and AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED.

Referenced by stir_shaken_read().

 {
    switch (result) {
       case AST_STIR_SHAKEN_VERIFY_NOT_PRESENT:
          return "Verification not present";
       case AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED:
          return "Signature failed";
       case AST_STIR_SHAKEN_VERIFY_MISMATCH:
          return "Verification mismatch";
       case AST_STIR_SHAKEN_VERIFY_PASSED:
          return "Verification passed";
       default:
          break;
    }
 
    return "";
 }

◆ stir_shaken_verify_json()

static struct ast_stir_shaken_payload* stir_shaken_verify_json ( struct ast_json * json )

static

Verifies the necessary contents are in the JSON and returns a ast_stir_shaken_payload with the extracted values.

Parameters

json	The JSON to verify

Returns: ast_stir_shaken_payload on success; NULL on failure

Definition at line 788 of file res_stir_shaken.c.

References ast_stir_shaken_payload::algorithm, ast_calloc, ast_json_deep_copy(), ast_json_object_get(), ast_json_string_get(), ast_log, ast_stir_shaken_payload_free(), ast_strdup, ast_strlen_zero, cleanup(), ast_stir_shaken_payload::header, LOG_ERROR, NULL, ast_stir_shaken_payload::payload, STIR_SHAKEN_ENCRYPTION_ALGORITHM, STIR_SHAKEN_PPT, and STIR_SHAKEN_TYPE.

Referenced by ast_stir_shaken_sign().

 {
    struct ast_stir_shaken_payload *payload;
    struct ast_json *obj;
    const char *val;
 
    payload = ast_calloc(1, sizeof(*payload));
    if (!payload) {
       ast_log(LOG_ERROR, "Failed to allocate STIR/SHAKEN payload\n");
       goto cleanup;
    }
 
    /* Look through the header first */
    obj = ast_json_object_get(json, "header");
    if (!obj) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT did not have the required field 'header'\n");
       goto cleanup;
    }
 
    payload->header = ast_json_deep_copy(obj);
    if (!payload->header) {
       ast_log(LOG_ERROR, "STIR_SHAKEN payload failed to copy 'header'\n");
       goto cleanup;
    }
 
    /* Check the ppt value for "shaken" */
    val = ast_json_string_get(ast_json_object_get(obj, "ppt"));
    if (ast_strlen_zero(val)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT did not have the required field 'ppt'\n");
       goto cleanup;
    }
    if (strcmp(val, STIR_SHAKEN_PPT)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT field 'ppt' did not have "
          "required value '%s' (was '%s')\n", STIR_SHAKEN_PPT, val);
       goto cleanup;
    }
 
    /* Check the typ value for "passport" */
    val = ast_json_string_get(ast_json_object_get(obj, "typ"));
    if (ast_strlen_zero(val)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT did not have the required field 'typ'\n");
       goto cleanup;
    }
    if (strcmp(val, STIR_SHAKEN_TYPE)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT field 'typ' did not have "
          "required value '%s' (was '%s')\n", STIR_SHAKEN_TYPE, val);
       goto cleanup;
    }
 
    /* Check the alg value for "ES256" */
    val = ast_json_string_get(ast_json_object_get(obj, "alg"));
    if (ast_strlen_zero(val)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT did not have required field 'alg'\n");
       goto cleanup;
    }
    if (strcmp(val, STIR_SHAKEN_ENCRYPTION_ALGORITHM)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT field 'alg' did not have "
          "required value '%s' (was '%s')\n", STIR_SHAKEN_ENCRYPTION_ALGORITHM, val);
       goto cleanup;
    }
 
    payload->algorithm = ast_strdup(val);
    if (!payload->algorithm) {
       ast_log(LOG_ERROR, "STIR/SHAKEN payload failed to copy 'algorithm'\n");
       goto cleanup;
    }
 
    /* Now let's check the payload section */
    obj = ast_json_object_get(json, "payload");
    if (!obj) {
       ast_log(LOG_ERROR, "STIR/SHAKEN payload JWT did not have required field 'payload'\n");
       goto cleanup;
    }
 
    /* Check the orig tn value for not NULL */
    val = ast_json_string_get(ast_json_object_get(ast_json_object_get(obj, "orig"), "tn"));
    if (ast_strlen_zero(val)) {
       ast_log(LOG_ERROR, "STIR/SHAKEN JWT did not have required field 'orig->tn'\n");
       goto cleanup;
    }
 
    /* Payload seems sane. Copy it and return on success */
    payload->payload = ast_json_deep_copy(obj);
    if (!payload->payload) {
       ast_log(LOG_ERROR, "STIR/SHAKEN payload failed to copy 'payload'\n");
       goto cleanup;
    }
 
    return payload;
 
 cleanup:
    ast_stir_shaken_payload_free(payload);
    return NULL;
 }

◆ stir_shaken_verify_signature()

static int stir_shaken_verify_signature	(	const char *	msg,
		const char *	signature,
		EVP_PKEY *	public_key
	)

static

Verifies the signature using a public key.

Parameters

msg	The payload
signature	The signature to verify
public_key	The public key used for verification

Return values

-1	on failure
0	on success

Definition at line 498 of file res_stir_shaken.c.

References ast_base64url_decode(), ast_calloc, ast_free, ast_log, LOG_ERROR, and NULL.

Referenced by ast_stir_shaken_verify().

 {
    EVP_MD_CTX *mdctx = NULL;
    int ret = 0;
    unsigned char *decoded_signature;
    size_t signature_length, decoded_signature_length;
 
    mdctx = EVP_MD_CTX_create();
    if (!mdctx) {
       ast_log(LOG_ERROR, "Failed to create Message Digest Context\n");
       return -1;
    }
 
    ret = EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, public_key);
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed to initialize Message Digest Context\n");
       EVP_MD_CTX_destroy(mdctx);
       return -1;
    }
 
    ret = EVP_DigestVerifyUpdate(mdctx, (unsigned char *)msg, strlen(msg));
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed to update Message Digest Context\n");
       EVP_MD_CTX_destroy(mdctx);
       return -1;
    }
 
    /* We need to decode the signature from base64 URL to bytes. Make sure we have
     * at least enough characters for this check */
    signature_length = strlen(signature);
    decoded_signature_length = (signature_length * 3 / 4);
    decoded_signature = ast_calloc(1, decoded_signature_length);
    ast_base64url_decode(decoded_signature, signature, decoded_signature_length);
 
    ret = EVP_DigestVerifyFinal(mdctx, decoded_signature, decoded_signature_length);
    if (ret != 1) {
       ast_log(LOG_ERROR, "Failed final phase of signature verification\n");
       EVP_MD_CTX_destroy(mdctx);
       ast_free(decoded_signature);
       return -1;
    }
 
    EVP_MD_CTX_destroy(mdctx);
    ast_free(decoded_signature);
 
    return 0;
 }

◆ test_stir_shaken_add_fake_astdb_entry()

static void test_stir_shaken_add_fake_astdb_entry	(	const char *	public_cert_url,
		const char *	file_path
	)

static

Definition at line 1260 of file res_stir_shaken.c.

References add_public_key_to_astdb(), ast_db_put(), ast_sha1_hash(), and ast_tvnow().

Referenced by AST_TEST_DEFINE().

 {
    struct timeval expires = ast_tvnow();
    char time_buf[32];
    char hash[41];
 
    ast_sha1_hash(hash, public_cert_url);
    add_public_key_to_astdb(public_cert_url, file_path);
    snprintf(time_buf, sizeof(time_buf), "%30lu", expires.tv_sec + 300);
 
    ast_db_put(hash, "expiration", time_buf);
 }

◆ test_stir_shaken_write_temp_key()

static int test_stir_shaken_write_temp_key	(	char *	file_path,
		int	private
	)

static

Create a private or public key certificate.

Parameters

file_path	The path of the file to create
private	Set to 0 if public, 1 if private

Return values

-1	on failure
0	on success

Definition at line 1282 of file res_stir_shaken.c.

References ast_log, errno, make_ari_stubs::file, LOG_ERROR, and type.

Referenced by AST_TEST_DEFINE().

 {
    FILE *file;
    int fd;
    char *data;
    char *type = private ? "private" : "public";
    char *private_data =
       "-----BEGIN EC PRIVATE KEY-----\n"
       "MHcCAQEEIC+xv2GKNTDd81vJM8rwGAGNqgklKKxz9Qejn+pcRPC1oAoGCCqGSM49\n"
       "AwEHoUQDQgAEq12QXu8lH295ZMZ4udKy5VV8wVgE4qSOnkdofn3hEDsh6QTKTZg9\n"
       "W6PncYAVnmOFRL4cTGRbmAIShN4naZk2Yg==\n"
       "-----END EC PRIVATE KEY-----";
    char *public_data =
       "-----BEGIN CERTIFICATE-----\n"
       "MIIBzDCCAXGgAwIBAgIUXDt6EC0OixT1iRSSPV3jB/zQAlQwCgYIKoZIzj0EAwIw\n"
       "RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu\n"
       "dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA0MTMwNjM3MjRaFw0yMzA3MTcw\n"
       "NjM3MjRaMGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTESMBAGA1UEBwwJU29t\n"
       "ZXdoZXJlMRowGAYDVQQKDBFBY21lVGVsZWNvbSwgSW5jLjENMAsGA1UECwwEVk9J\n"
       "UDEPMA0GA1UEAwwGU0hBS0VOMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEq12Q\n"
       "Xu8lH295ZMZ4udKy5VV8wVgE4qSOnkdofn3hEDsh6QTKTZg9W6PncYAVnmOFRL4c\n"
       "TGRbmAIShN4naZk2YqMaMBgwFgYIKwYBBQUHARoECjAIoAYWBDEwMDEwCgYIKoZI\n"
       "zj0EAwIDSQAwRgIhAMa9Ky38DgVaIgVm9Mgws/qN3zxjMQXfxEExAbDwyq/WAiEA\n"
       "zbC29mvtSulwbvQJ4fBdFU84cFC3Ctu1QrCeFOiZHc4=\n"
       "-----END CERTIFICATE-----";
 
    fd = mkstemp(file_path);
    if (fd < 0) {
       ast_log(LOG_ERROR, "Failed to create temp %s file: %s\n", type, strerror(errno));
       return -1;
    }
 
    file = fdopen(fd, "w");
    if (!file) {
       ast_log(LOG_ERROR, "Failed to create temp %s key file: %s\n", type, strerror(errno));
       close(fd);
       return -1;
    }
 
    data = private ? private_data : public_data;
    if (fputs(data, file) == EOF) {
       ast_log(LOG_ERROR, "Failed to write temp %s key file\n", type);
       fclose(file);
       return -1;
    }
 
    fclose(file);
 
    return 0;
 }

◆ unload_module()

static int unload_module ( void )

static

Definition at line 1617 of file res_stir_shaken.c.

References ast_custom_function_unregister(), ast_sorcery_unref, AST_TEST_UNREGISTER, NULL, stir_shaken_certificate_unload(), stir_shaken_general_unload(), and stir_shaken_store_unload().

Referenced by load_module().

 {
    int res = 0;
 
    stir_shaken_certificate_unload();
    stir_shaken_store_unload();
    stir_shaken_general_unload();
 
    ast_sorcery_unref(stir_shaken_sorcery);
    stir_shaken_sorcery = NULL;
 
    res |= ast_custom_function_unregister(&stir_shaken_function);
 
    AST_TEST_UNREGISTER(test_stir_shaken_sign);
    AST_TEST_UNREGISTER(test_stir_shaken_verify);
 
    return res;
 }

Variable Documentation

◆ __mod_info

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "STIR/SHAKEN Module for Asterisk" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CHANNEL_DEPEND - 1, .requires = "res_curl", }

static

Definition at line 1677 of file res_stir_shaken.c.

◆ ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info

static

Definition at line 1677 of file res_stir_shaken.c.

◆ stir_shaken_datastore_info

const struct ast_datastore_info stir_shaken_datastore_info

static

Initial value:

= {
   .type = "STIR/SHAKEN VERIFICATION",
   .destroy = stir_shaken_datastore_destroy_cb,
}

Definition at line 272 of file res_stir_shaken.c.

◆ stir_shaken_function

struct ast_custom_function stir_shaken_function

static

Initial value:

= {
   .name = "STIR_SHAKEN",
   .read = stir_shaken_read,
}

Definition at line 1253 of file res_stir_shaken.c.

◆ stir_shaken_sorcery

struct ast_sorcery* stir_shaken_sorcery

static

Definition at line 144 of file res_stir_shaken.c.

Referenced by ast_stir_shaken_sorcery().

Data Structures

Macros

Functions

Variables

Macro Definition Documentation

◆ AST_DB_FAMILY

◆ EXPIRATION_BUFFER

◆ MAX_PATH_LEN

◆ STIR_SHAKEN_DIR_NAME

Function Documentation

◆ __reg_module()

◆ __unreg_module()

◆ add_public_key_to_astdb()

◆ AST_MODULE_SELF_SYM()

◆ ast_stir_shaken_add_verification()

◆ ast_stir_shaken_get_signature_timeout()

◆ ast_stir_shaken_payload_free()

◆ ast_stir_shaken_payload_get_public_cert_url()

◆ ast_stir_shaken_payload_get_signature()

◆ ast_stir_shaken_sign()

◆ ast_stir_shaken_sorcery()

◆ ast_stir_shaken_verify()

◆ AST_TEST_DEFINE() [1/2]

◆ AST_TEST_DEFINE() [2/2]

◆ curl_and_check_expiration()

◆ get_path_to_public_key()

◆ load_module()

◆ public_key_is_expired()

◆ reload_module()

◆ remove_public_key_from_astdb()

◆ run_curl()

◆ set_public_key_expiration()

◆ stir_shaken_add_attest()

◆ stir_shaken_add_iat()

◆ stir_shaken_add_origid()

◆ stir_shaken_add_x5u()

◆ stir_shaken_datastore_destroy_cb()

◆ stir_shaken_datastore_free()

◆ stir_shaken_read()

◆ stir_shaken_sign()

◆ stir_shaken_verification_result_to_string()

◆ stir_shaken_verify_json()

◆ stir_shaken_verify_signature()

◆ test_stir_shaken_add_fake_astdb_entry()

◆ test_stir_shaken_write_temp_key()

◆ unload_module()

Variable Documentation

◆ __mod_info

◆ ast_module_info

◆ stir_shaken_datastore_info

◆ stir_shaken_function

◆ stir_shaken_sorcery